public fun toString ()Ljava/lang/String;
}

public final class okhttp3/Handshake$Companion {
	public final fun -deprecated_get (Ljavax/net/ssl/SSLSession;)Lokhttp3/Handshake;
	public final fun get (Ljavax/net/ssl/SSLSession;)Lokhttp3/Handshake;
	public final fun get (Lokhttp3/TlsVersion;Lokhttp3/CipherSuite;Ljava/util/List;Ljava/util/List;)Lokhttp3/Handshake;
}

   * client presents a certificate that is [trusted][TrustManager] the handshake will
   * proceed normally. The connection will also proceed normally if the client presents no
   * certificate at all! But if the client presents an untrusted certificate the handshake
   * will fail and no connection will be established.
   */
  fun requestClientAuth() {

    val server = MockWebServer()
    server.useHttps(handshakeCertificates.sslSocketFactory(), false)
    ```

    Get these strings with `HeldCertificate.certificatePem()` and `privateKeyPkcs8Pem()`.

 *  Fix: Handshake now returns peer certificates in canonical order: each certificate is signed by
    the certificate that follows and the last certificate is signed by a trusted root.

    val request = Request.Builder().url("https://mozilla.org/robots.txt").build()

    client.newCall(request).execute().use {
      assertThat(it.protocol).isEqualTo(Protocol.HTTP_2)
      assertThat(it.handshake!!.tlsVersion).isEqualTo(TlsVersion.TLS_1_3)
    }
  }

 * certificate is signed by the certificate that follows, and the last certificate is a trusted CA
 * certificate.
 *
 * Use of the chain cleaner is necessary to omit unexpected certificates that aren't relevant to
 * the TLS handshake and to extract the trusted CA certificate for the benefit of certificate
 * pinning.
 */
abstract class CertificateChainCleaner {
  @Throws(SSLPeerUnverifiedException::class)
  abstract fun clean(

    val response = executeSynchronously("/")
    response.assertFailure(
      // JDK 11 response to the FAIL_HANDSHAKE:
      SSLException::class.java,
      // RI response to the FAIL_HANDSHAKE:
      SSLProtocolException::class.java,
      // Android's response to the FAIL_HANDSHAKE:
      SSLHandshakeException::class.java,
    )

    val cipherSuite = response1.handshake!!.cipherSuite
    val localCerts = response1.handshake!!.localCertificates
    val serverCerts = response1.handshake!!.peerCertificates
    val peerPrincipal = response1.handshake!!.peerPrincipal
    val localPrincipal = response1.handshake!!.localPrincipal
    val response2 = client.newCall(request).execute() // Cached!

    assertThat(cache.requestCount()).isEqualTo(2)
    assertThat(cache.networkCount()).isEqualTo(1)
    assertThat(cache.hitCount()).isEqualTo(1)

    assertThat(response.handshake!!.cipherSuite.javaName).startsWith("SLT_")
  }

  @Test
  fun truncatedMetadataEntry() {
    val response =
      testCorruptingCache {
        corruptMetadata {

          }
          throw IOException("Unexpected code $response")
        }
        println(response.body.string())

        for (peerCertificate in response.handshake?.peerCertificates.orEmpty()) {
          println((peerCertificate as X509Certificate).subjectDN)
        }
      }
  }
}

fun main() {
  CustomTrust().run()

HSPLokhttp3/EventListener;->secureConnectEnd(Lokhttp3/Call;Lokhttp3/Handshake;)V
HSPLokhttp3/EventListener;->secureConnectStart(Lokhttp3/Call;)V
HSPLokhttp3/Handshake$Companion$handshake$1;-><init>(Ljava/util/List;)V
HSPLokhttp3/Handshake$peerCertificates$2;-><init>(Lkotlin/jvm/functions/Function0;)V
HSPLokhttp3/Handshake;-><init>(Lokhttp3/TlsVersion;Lokhttp3/CipherSuite;Ljava/util/List;Lkotlin/jvm/functions/Function0;)V